BlockFi Hubspot Data Breach: Difference between revisions
No edit summary |
(Initial 30 minutes completed.) |
||
| Line 1: | Line 1: | ||
{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/blockfihubspotdatabreach.php}} | {{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/blockfihubspotdatabreach.php}}[[File:Blockfi.jpg|thumb|BlockFi]]BlockFi is a platform which allows users to provide their cryptocurrency and earn a high rate of return, as the platform lends out the funds to other users. The company used HubSpot to assist with managing their customer relationships. HubSpot suffered a data breach and names, email addresses, and phone numbers of customers were leaked. An announcement was made and the employee at the company who enabled the breach has been fired. Customers must be aware for future phishing scams which may target them. | ||
== About BlockFi == | |||
<ref name="observer-1229" /><ref name="coinspeaker-1230" /><ref name="coindesk-1231" /><ref name="yahoofinance-1233" /> | |||
"BlockFi is a crypto management platform that lets you leverage your cryptocurrency and put it to fair use." "This platform has been around since 2017, and while it’s independently owned, several financial giants like SoFi and Fidelity back it." "At BlockFi, you can earn up to 8.6% interest per year on your cryptocurrency holdings, borrow cash, buy and sell crypto, and access other bank-like services. It’s like an all-in-one crypto bank." "Today, a growing number of users are using BlockFi as a bank for their cryptocurrency. Just like you use Bank of America or a Credit Union for your fiat currency, you can use BlockFi for your cryptocurrency." | "BlockFi is a crypto management platform that lets you leverage your cryptocurrency and put it to fair use." "This platform has been around since 2017, and while it’s independently owned, several financial giants like SoFi and Fidelity back it." "At BlockFi, you can earn up to 8.6% interest per year on your cryptocurrency holdings, borrow cash, buy and sell crypto, and access other bank-like services. It’s like an all-in-one crypto bank." "Today, a growing number of users are using BlockFi as a bank for their cryptocurrency. Just like you use Bank of America or a Credit Union for your fiat currency, you can use BlockFi for your cryptocurrency." | ||
| Line 14: | Line 11: | ||
"As Cointelegraph reported, hackers gained entry to BlockFi’s shopper data that was hosted on Hubspot, a client relationship administration platform." | "As Cointelegraph reported, hackers gained entry to BlockFi’s shopper data that was hosted on Hubspot, a client relationship administration platform." | ||
== About HubSpot == | |||
<ref name="hubspotlegal-8616">[https://legal.hubspot.com/security HubSpot Security Program] (Jul 20, 2022)</ref> "HubSpot provides a customer relationship management (CRM) platform for marketing, sales and content management services." | |||
According to BlockFi: “Hubspot has confirmed that an unauthorized third-party gained entry to certain BlockFi shopper data housed on their platform.” | According to BlockFi: “Hubspot has confirmed that an unauthorized third-party gained entry to certain BlockFi shopper data housed on their platform.” | ||
| Line 21: | Line 22: | ||
"While specifics on the breached data are however to be acknowledged and revealed, BlockFi reassured prospects by highlighting that personal data — along with passwords, government-issued IDs and social security numbers — “have been certainly not saved on Hubspot.”" | "While specifics on the breached data are however to be acknowledged and revealed, BlockFi reassured prospects by highlighting that personal data — along with passwords, government-issued IDs and social security numbers — “have been certainly not saved on Hubspot.”" | ||
"We are working with Hubspot as the continue their investigation to understand the full scope of impact." | |||
"A rogue employee working at HubSpot – used by more than 135,000 (and growing) customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday." | "A rogue employee working at HubSpot – used by more than 135,000 (and growing) customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday." | ||
| Line 65: | Line 62: | ||
!Event | !Event | ||
!Description | !Description | ||
|- | |||
|March 15th, 2022 | |||
|Social Engineering Attack | |||
|On March 15th, at an unspecified time, a HubSpot employee fell victim to a social engineering attack which persuaded the employee to provide the necessary credentials and multi-factor authentication<ref name="hubspot-8171222">[https://www.hubspot.com/en-us/march-2022-security-incident Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website] (Jun 26, 2022)</ref>. | |||
|- | |||
|March 17th, 2022 | |||
|Client Data Exported | |||
|It is reported by Hubspot that contact data and user data was exported on March 17th and March 18th through an internal support tool called "just-in-time access" (or JITA)<ref name="hubspot-8171222" />. | |||
|- | |||
|March 18th, 2023 7:00:00 AM MDT | |||
|Hubspot Realized Breach | |||
|HubSpot reports they first "became aware of this unauthorized activity. [They] took prompt action to shut down the bad actor’s access and investigate its impact."<ref name="hubspot-8171222" /> | |||
|- | |- | ||
|March 18th, 2022 6:47:00 PM MDT | |March 18th, 2022 6:47:00 PM MDT | ||
| | |BlockFi Issues Statement on Twitter | ||
| | |BlockFi shares a statement regarding the incident on Twitter. This statement mentions that they learned of a "data incident" and assures that "client funds are safeguarded and were not impacted", and that "account passwords, government-issued ID numbers and social security numbers were never stored on Hubspot"<ref name="blockfitwitter-8169" />. | ||
|- | |||
|March 19th, 2022 | |||
|Hubspot Issues Press Release FAQ | |||
|According to HubSpot's website, they published the statement and FAQ on March 19th. (No time is provided and the page was not captured by archive until the following day.) The state that "[o]n March 18, a bad actor compromised a HubSpot employee account and used it to access data within fewer than 30 HubSpot accounts."<ref name="hubspot-8615">[https://ir.hubspot.com/news/hubspots-statement-regarding-march-18-2022-security-incident HubSpot's Statement Regarding March 18, 2022 Security Incident - Hubspot Website] (Jul 20, 2022)</ref><ref>[https://web.archive.org/web/20220321001805/https://ir.hubspot.com/news/hubspots-statement-regarding-march-18-2022-security-incident HubSpot's Statement Regarding March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 6:18:05 PM MDT] (Apr 24, 2023)</ref> Hubspot also set up a public FAQ page on their website to provide more information. They report the breach exporting contact data from fewer than 30 HubSpot portals, all of which have been notified. HubSpot believes the incident to be targeted at customers in the cryptocurrency industry and has taken measures to terminate access for the compromised employee account and prevent other employees from taking certain actions in customer accounts. Customers who have been impacted by the breach should contact their respective companies for information about what data was shared and any necessary steps they need to take<ref name="hubspot-817122">[https://www.hubspot.com/en-us/march-2022-security-incident Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website] (Jun 26, 2022)</ref><ref>[https://web.archive.org/web/20220321020324/https://www.hubspot.com/en-us/march-2022-security-incident Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 8:03:24 PM MDT] (Apr 24, 2023)</ref>. | |||
|- | |||
|March 21st, 2022 8:17:00 AM MDT | |||
|CoinDesk Article Published | |||
|CoinDesk publishes an article on the incident<ref>[https://www.coindesk.com/business/2022/03/21/hubspot-hack-leads-to-data-breaches-at-blockfi-swan-bitcoin/ HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle - CoinDesk] (Apr 24, 2023)</ref>. They report that a data breach at third-party marketing vendor HubSpot has impacted BlockFi, Swan Bitcoin, NYDIG, and Circle, among others, who maintain their customers' funds are still safe and secure. While user information was leaked to hackers, the affected companies said passwords and other internal information were not affected. HubSpot has not disclosed the full extent of the breach, and an investigation is ongoing. This is copied to Yahoo Finance<ref name="yahoofinance-8628">[https://ca.finance.yahoo.com/news/hubspot-hack-leads-data-breaches-043049723.html HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle - Yahoo Finance] (Jul 20, 2022)</ref>. | |||
|- | |||
|March 21st, 2022 10:53:00 AM MDT | |||
|Cory Klippsten Criticism | |||
|Swan Bitcoin CEO Cory Klippsten criticizes the industry since close to 30 companies appear to have been breached and fewer than 10 have disclosed it publicly. He announces that his company is severing relations<ref name="coryklippstentwitter-86182">[https://twitter.com/coryklippsten/status/1505950666023268354 Cory Klippsten - "Hubspot says it's around 30 crypto companies in the hack. Fewer than 10 have divulged so far." - Twitter] (Jul 20, 2022)</ref>. | |||
|- | |||
|March 21st, 2022 11:57:00 AM MDT | |||
|Blockworks Article Published | |||
|Blockworks publishes an article on the situation. They reported multiple crypto companies were affected including NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin. They report that Pantera Capital was breached a month earlier, and reference a Tweet from a breach a year and a month ago. The data breach saw user information leaked to hackers, but not passwords or sensitive personal information. It is believed to have been a “targeted incident focused on customers in the cryptocurrency industry”. Affected companies maintain customer funds are still safe and secure, and are monitoring the situation closely. The full extent of the HubSpot hack is still unknown and the investigation is reportedly still ongoing<ref name="blockworks-8621">[https://blockworks.co/nydig-blockfi-pantera-circle-all-targeted-in-hubspot-data-breach/ NYDIG, BlockFi, Pantera, Circle All ‘Targeted’ in HubSpot Data Breach - Blockworks] (Jul 20, 2022)</ref>. | |||
|- | |||
|March 22nd, 2022 3:10:55 AM MDT | |||
|Silicon Republic Article | |||
|Silicon Republic reports that cryptocurrency companies, including Swan Bitcoin, BlockFi, NYDIG, Pantera Capital, and Circle, were among the 30 affected by a data breach at marketing and sales platform HubSpot. The company confirmed that a “bad actor” compromised an employee account and exported contact data from a small number of customer accounts. While it is unclear what the attacker planned to do with the information, phishing emails have been reported attempting to trick users into submitting their passwords into a fake company website<ref name="siliconrepublic-8176">[https://www.siliconrepublic.com/enterprise/hubspot-data-breach-crypto-web3-bitcoin HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic] (Jun 26, 2022)</ref><ref>[https://web.archive.org/web/20220322100755/https://www.siliconrepublic.com/enterprise/hubspot-data-breach-crypto-web3-bitcoin HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic Archive March 22nd, 2022 4:07:55 AM MDT] (Apr 24, 2023)</ref>. | |||
|- | |||
|March 24th, 2022 11:11:00 AM MDT | |||
|ThreatPost Article Published | |||
|ThreatPost publishes an article on the situation. They report that HubSpot, a marketing platform used by over 135,000 customers, suffered a data breach due to a rogue employee who targeted the company's cryptocurrency customers. At least 30 crypto firms were affected, including BlockFi, Swan Bitcoin, Circle, and NYDIG. The stolen data included contact data, names, emails, account types, phone numbers, and in some cases, company names. While there was no loss of sensitive financial or personal data, such as Social Security numbers or tax IDs, there was the inclusion of a "limited historical snapshot of USD deposits" and about 1.2% of the dataset included clients' intended investment areas or the median net worth of their approximate geographic locales<ref name="threatpost-81702">[https://threatpost.com/hubspot-data-breach-crytocurrency-industry/179086/ HubSpot Data Breach Ripples Through Crytocurrency Industry - Threatpost] (Jun 20, 2022)</ref>. | |||
|- | |- | ||
| | |April 3rd, 2022 4:28:56 AM MDT | ||
| | |Mentioned In CoinTelegraph Article | ||
| | |The situation is mentioned in a CoinTelegraph article<ref>[https://web.archive.org/web/20220403103056/https://cointelegraph.com/news/trezor-investigates-potential-data-breach-as-users-cite-phishing-attacks Trezor investigates potential data breach as users cite phishing attacks - CoinTelegraph Archive April 3rd, 2022 4:30:56 AM MDT] (Apr 24, 2023)</ref>. They mention that "New Jersey-based crypto financial institution BlockFi proactively confirmed a data breach to warn investors about the possibility of phishing attacks." None of the other platforms are included here<ref name="eteq-7726" />. | ||
|} | |} | ||
| Line 82: | Line 115: | ||
== Immediate Reactions == | == Immediate Reactions == | ||
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | ||
=== BlockFi Issued Public Statement === | |||
BlockFi issued a public statement about the breach<ref name="blockfitwitter-8169" />.<blockquote>On Friday, March 18, 2022, BlockFi learned of a data incident at one of our third-party vendors, Hubspot, a client relationship management platform. Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform. | |||
To be clear, BlockFi's internal systems and client funds are safeguarded and were not impacted. We can also confirm that BlockFi account passwords, government-issued ID numbers and social security numbers were never stored on Hubspot. The incident occurred at Hubspot and we are notifying you directly so that you can take actions to further protect yourself. No action is needed on your BlockFi account at this time. | |||
The protection and safekeeping of our systems and clients' assets are of the utmost importance. We will continue to keep you updated as this process evolves.</blockquote> | |||
== Ultimate Outcome == | == Ultimate Outcome == | ||
| Line 93: | Line 133: | ||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
Hubspot reported upgrading security on their FAQ<ref name="hubspot-8171222" />:<blockquote>Since the incident, we have taken steps to enhance our security and to prevent a similar attack from occurring in the future. While our investigation has concluded and remediation completed, we remain committed to improving our security through regular assessments and testing. </blockquote> | |||
== General Prevention Policies == | == General Prevention Policies == | ||
Privacy-conscious customers can set up separate email addresses for each service easily, and avoid providing their phone number when possible. Any received emails must be viewed with scrutiny. Interact with companies only through their official websites and confirm anything with the company directly if it promises a significant reward or threatens access to your funds. | Privacy-conscious customers can set up separate email addresses for each service easily, and avoid providing their phone number when possible. Any received emails must be viewed with scrutiny. Interact with companies only through their official websites and confirm anything with the company directly if it promises a significant reward or threatens access to your funds. | ||
| Line 113: | Line 156: | ||
== References == | == References == | ||
<references><ref name="eteq-7726">[https://eteq.com/trezor-investigates-potential-information-breach-as-customers-cite-phishing-assaults/ Trezor | <references> | ||
<ref name="eteq-7726">[https://eteq.com/trezor-investigates-potential-information-breach-as-customers-cite-phishing-assaults/ Trezor investigates potential data breach as users cite phishing attacks - CoinTelegraph] (May 21, 2022)</ref> | |||
<ref name="blockfitwitter-8169">[https://twitter.com/BlockFi/status/1504982848771608586 | <ref name="blockfitwitter-8169">[https://twitter.com/BlockFi/status/1504982848771608586 BlockFi - "Regarding recent third-party data incident" - Twitter] (Jun 20, 2022)</ref> | ||
<ref name="observer-1229">[https://observer.com/2021/03/blockfi-review-does-blockfi-work-is-it-legit-or-too-risky/ BlockFi Review: Does BlockFi Work? Is It Legit or Too Risky? | Observer] (Jul 5, 2021)</ref> | <ref name="observer-1229">[https://observer.com/2021/03/blockfi-review-does-blockfi-work-is-it-legit-or-too-risky/ BlockFi Review: Does BlockFi Work? Is It Legit or Too Risky? | Observer] (Jul 5, 2021)</ref> | ||
<ref name="coinspeaker-1230">[https://www.coinspeaker.com/blockfi-zero-fee-trading/ BlockFi Offers Zero-Fee Trading for Bitcoin, Ethereum and GUSD Stablecoin] (Jul 5, 2021)</ref> | <ref name="coinspeaker-1230">[https://www.coinspeaker.com/blockfi-zero-fee-trading/ BlockFi Offers Zero-Fee Trading for Bitcoin, Ethereum and GUSD Stablecoin] (Jul 5, 2021)</ref> | ||
<ref name="coindesk-1231">[https://www.coindesk.com/blockfi-rate-cut-on-bitcoin-deposits-leaves-rivals-scratching-heads BlockFi Rate Cut on Bitcoin Deposits Leaves Rivals Scratching Heads - CoinDesk] (Jul 5, 2021)</ref> | <ref name="coindesk-1231">[https://www.coindesk.com/blockfi-rate-cut-on-bitcoin-deposits-leaves-rivals-scratching-heads BlockFi Rate Cut on Bitcoin Deposits Leaves Rivals Scratching Heads - CoinDesk] (Jul 5, 2021)</ref> | ||
<ref name="yahoofinance-1233">[https://finance.yahoo.com/news/blockfi-review-2021-fees-services-215520829.html BlockFi Review 2021: Fees, Services & More] (Jul 5, 2021)</ref> | <ref name="yahoofinance-1233">[https://finance.yahoo.com/news/blockfi-review-2021-fees-services-215520829.html BlockFi Review 2021: Fees, Services & More] (Jul 5, 2021)</ref> | ||
<ref name="threatpost-8170">[https://threatpost.com/hubspot-data-breach-crytocurrency-industry/179086/ HubSpot Data Breach Ripples Through Crytocurrency Industry | Threatpost] (Jun 20, 2022)</ref> | <ref name="threatpost-8170">[https://threatpost.com/hubspot-data-breach-crytocurrency-industry/179086/ HubSpot Data Breach Ripples Through Crytocurrency Industry | Threatpost] (Jun 20, 2022)</ref> | ||
<ref name="hubspot-8171">[https://www.hubspot.com/en-us/march-2022-security-incident Information About HubSpot's March 18, 2022 Security Incident] (Jun 26, 2022)</ref> | |||
<ref name="hubspot-8171">[https://www.hubspot.com/en-us/march-2022-security-incident Information About HubSpot's March 18, 2022 Security Incident] (Jun 26, 2022)</ref></references> | </references> | ||
Revision as of 16:14, 24 April 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
BlockFi is a platform which allows users to provide their cryptocurrency and earn a high rate of return, as the platform lends out the funds to other users. The company used HubSpot to assist with managing their customer relationships. HubSpot suffered a data breach and names, email addresses, and phone numbers of customers were leaked. An announcement was made and the employee at the company who enabled the breach has been fired. Customers must be aware for future phishing scams which may target them.
About BlockFi
"BlockFi is a crypto management platform that lets you leverage your cryptocurrency and put it to fair use." "This platform has been around since 2017, and while it’s independently owned, several financial giants like SoFi and Fidelity back it." "At BlockFi, you can earn up to 8.6% interest per year on your cryptocurrency holdings, borrow cash, buy and sell crypto, and access other bank-like services. It’s like an all-in-one crypto bank." "Today, a growing number of users are using BlockFi as a bank for their cryptocurrency. Just like you use Bank of America or a Credit Union for your fiat currency, you can use BlockFi for your cryptocurrency."
"BlockFi [recently] introduced trading at no fees for Bitcoin, Ethereum and the stablecoin GUSD. The startup has been known to allow users access to returns on their cryptocurrency holdings by offering loans to borrowers against users’ cryptocurrency holdings and then passing across the returns in terms of interest on the loans while securing the crypto assets that were used as security for the loans."
"As part of Hubspot being used for CRM and marketing processes, BlockFi stored data that included name, email, and phone number for a majority of our clients."
"As Cointelegraph reported, hackers gained entry to BlockFi’s shopper data that was hosted on Hubspot, a client relationship administration platform."
About HubSpot
[5] "HubSpot provides a customer relationship management (CRM) platform for marketing, sales and content management services."
According to BlockFi: “Hubspot has confirmed that an unauthorized third-party gained entry to certain BlockFi shopper data housed on their platform.”
"On Mar. 19, New Jersey-based crypto financial institution BlockFi proactively confirmed an info breach to warn merchants in regards to the alternative of phishing assaults."
"While specifics on the breached data are however to be acknowledged and revealed, BlockFi reassured prospects by highlighting that personal data — along with passwords, government-issued IDs and social security numbers — “have been certainly not saved on Hubspot.”"
"We are working with Hubspot as the continue their investigation to understand the full scope of impact."
"A rogue employee working at HubSpot – used by more than 135,000 (and growing) customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday."
"A full list of the affected clients has not been published, but [HubSpot] said it appeared to be a “targeted incident focused on customers in the cryptocurrency industry”."
This exchange or platform is based in United States, or the incident targeted people primarily in United States.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| March 15th, 2022 | Social Engineering Attack | On March 15th, at an unspecified time, a HubSpot employee fell victim to a social engineering attack which persuaded the employee to provide the necessary credentials and multi-factor authentication[6]. |
| March 17th, 2022 | Client Data Exported | It is reported by Hubspot that contact data and user data was exported on March 17th and March 18th through an internal support tool called "just-in-time access" (or JITA)[6]. |
| March 18th, 2023 7:00:00 AM MDT | Hubspot Realized Breach | HubSpot reports they first "became aware of this unauthorized activity. [They] took prompt action to shut down the bad actor’s access and investigate its impact."[6] |
| March 18th, 2022 6:47:00 PM MDT | BlockFi Issues Statement on Twitter | BlockFi shares a statement regarding the incident on Twitter. This statement mentions that they learned of a "data incident" and assures that "client funds are safeguarded and were not impacted", and that "account passwords, government-issued ID numbers and social security numbers were never stored on Hubspot"[7]. |
| March 19th, 2022 | Hubspot Issues Press Release FAQ | According to HubSpot's website, they published the statement and FAQ on March 19th. (No time is provided and the page was not captured by archive until the following day.) The state that "[o]n March 18, a bad actor compromised a HubSpot employee account and used it to access data within fewer than 30 HubSpot accounts."[8][9] Hubspot also set up a public FAQ page on their website to provide more information. They report the breach exporting contact data from fewer than 30 HubSpot portals, all of which have been notified. HubSpot believes the incident to be targeted at customers in the cryptocurrency industry and has taken measures to terminate access for the compromised employee account and prevent other employees from taking certain actions in customer accounts. Customers who have been impacted by the breach should contact their respective companies for information about what data was shared and any necessary steps they need to take[10][11]. |
| March 21st, 2022 8:17:00 AM MDT | CoinDesk Article Published | CoinDesk publishes an article on the incident[12]. They report that a data breach at third-party marketing vendor HubSpot has impacted BlockFi, Swan Bitcoin, NYDIG, and Circle, among others, who maintain their customers' funds are still safe and secure. While user information was leaked to hackers, the affected companies said passwords and other internal information were not affected. HubSpot has not disclosed the full extent of the breach, and an investigation is ongoing. This is copied to Yahoo Finance[13]. |
| March 21st, 2022 10:53:00 AM MDT | Cory Klippsten Criticism | Swan Bitcoin CEO Cory Klippsten criticizes the industry since close to 30 companies appear to have been breached and fewer than 10 have disclosed it publicly. He announces that his company is severing relations[14]. |
| March 21st, 2022 11:57:00 AM MDT | Blockworks Article Published | Blockworks publishes an article on the situation. They reported multiple crypto companies were affected including NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin. They report that Pantera Capital was breached a month earlier, and reference a Tweet from a breach a year and a month ago. The data breach saw user information leaked to hackers, but not passwords or sensitive personal information. It is believed to have been a “targeted incident focused on customers in the cryptocurrency industry”. Affected companies maintain customer funds are still safe and secure, and are monitoring the situation closely. The full extent of the HubSpot hack is still unknown and the investigation is reportedly still ongoing[15]. |
| March 22nd, 2022 3:10:55 AM MDT | Silicon Republic Article | Silicon Republic reports that cryptocurrency companies, including Swan Bitcoin, BlockFi, NYDIG, Pantera Capital, and Circle, were among the 30 affected by a data breach at marketing and sales platform HubSpot. The company confirmed that a “bad actor” compromised an employee account and exported contact data from a small number of customer accounts. While it is unclear what the attacker planned to do with the information, phishing emails have been reported attempting to trick users into submitting their passwords into a fake company website[16][17]. |
| March 24th, 2022 11:11:00 AM MDT | ThreatPost Article Published | ThreatPost publishes an article on the situation. They report that HubSpot, a marketing platform used by over 135,000 customers, suffered a data breach due to a rogue employee who targeted the company's cryptocurrency customers. At least 30 crypto firms were affected, including BlockFi, Swan Bitcoin, Circle, and NYDIG. The stolen data included contact data, names, emails, account types, phone numbers, and in some cases, company names. While there was no loss of sensitive financial or personal data, such as Social Security numbers or tax IDs, there was the inclusion of a "limited historical snapshot of USD deposits" and about 1.2% of the dataset included clients' intended investment areas or the median net worth of their approximate geographic locales[18]. |
| April 3rd, 2022 4:28:56 AM MDT | Mentioned In CoinTelegraph Article | The situation is mentioned in a CoinTelegraph article[19]. They mention that "New Jersey-based crypto financial institution BlockFi proactively confirmed a data breach to warn investors about the possibility of phishing attacks." None of the other platforms are included here[20]. |
Total Amount Lost
No funds were lost.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
BlockFi Issued Public Statement
BlockFi issued a public statement about the breach[7].
On Friday, March 18, 2022, BlockFi learned of a data incident at one of our third-party vendors, Hubspot, a client relationship management platform. Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.
To be clear, BlockFi's internal systems and client funds are safeguarded and were not impacted. We can also confirm that BlockFi account passwords, government-issued ID numbers and social security numbers were never stored on Hubspot. The incident occurred at Hubspot and we are notifying you directly so that you can take actions to further protect yourself. No action is needed on your BlockFi account at this time.
The protection and safekeeping of our systems and clients' assets are of the utmost importance. We will continue to keep you updated as this process evolves.
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Hubspot reported upgrading security on their FAQ[6]:
Since the incident, we have taken steps to enhance our security and to prevent a similar attack from occurring in the future. While our investigation has concluded and remediation completed, we remain committed to improving our security through regular assessments and testing.
General Prevention Policies
Privacy-conscious customers can set up separate email addresses for each service easily, and avoid providing their phone number when possible. Any received emails must be viewed with scrutiny. Interact with companies only through their official websites and confirm anything with the company directly if it promises a significant reward or threatens access to your funds.
Platforms should put in place multi-signature access control on all customer data, which requires the approval of multiple people to enable the download of data.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ BlockFi Review: Does BlockFi Work? Is It Legit or Too Risky? | Observer (Jul 5, 2021)
- ↑ BlockFi Offers Zero-Fee Trading for Bitcoin, Ethereum and GUSD Stablecoin (Jul 5, 2021)
- ↑ BlockFi Rate Cut on Bitcoin Deposits Leaves Rivals Scratching Heads - CoinDesk (Jul 5, 2021)
- ↑ BlockFi Review 2021: Fees, Services & More (Jul 5, 2021)
- ↑ HubSpot Security Program (Jul 20, 2022)
- ↑ 6.0 6.1 6.2 6.3 Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website (Jun 26, 2022)
- ↑ 7.0 7.1 BlockFi - "Regarding recent third-party data incident" - Twitter (Jun 20, 2022)
- ↑ HubSpot's Statement Regarding March 18, 2022 Security Incident - Hubspot Website (Jul 20, 2022)
- ↑ HubSpot's Statement Regarding March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 6:18:05 PM MDT (Apr 24, 2023)
- ↑ Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website (Jun 26, 2022)
- ↑ Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 8:03:24 PM MDT (Apr 24, 2023)
- ↑ HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle - CoinDesk (Apr 24, 2023)
- ↑ HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle - Yahoo Finance (Jul 20, 2022)
- ↑ Cory Klippsten - "Hubspot says it's around 30 crypto companies in the hack. Fewer than 10 have divulged so far." - Twitter (Jul 20, 2022)
- ↑ NYDIG, BlockFi, Pantera, Circle All ‘Targeted’ in HubSpot Data Breach - Blockworks (Jul 20, 2022)
- ↑ HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic (Jun 26, 2022)
- ↑ HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic Archive March 22nd, 2022 4:07:55 AM MDT (Apr 24, 2023)
- ↑ HubSpot Data Breach Ripples Through Crytocurrency Industry - Threatpost (Jun 20, 2022)
- ↑ Trezor investigates potential data breach as users cite phishing attacks - CoinTelegraph Archive April 3rd, 2022 4:30:56 AM MDT (Apr 24, 2023)
- ↑ Trezor investigates potential data breach as users cite phishing attacks - CoinTelegraph (May 21, 2022)
Cite error: <ref> tag with name "threatpost-8170" defined in <references> is not used in prior text.
Cite error: <ref> tag with name "hubspot-8171" defined in <references> is not used in prior text.